> > IPv6 allows packets to contain a Fragment Header, without the packet > > being actually fragmented into multiple pieces. Such packets > > typically result from hosts that have received an ICMPv6 "Packet Too > > Big" error message that advertises a "Next-Hop MTU" smaller than 1280 > > bytes, and are currently processed by hosts as "fragmented > > traffic". > > Does such traffic actually occur in the wild, or would it only be used > in attacks?
Such traffic absolutely occurs in the wild. I have three reasonably busy name servers where this is logged as an error from the ipfw code, e.g. Dec 16 14:04:04 slem kernel: IPFW2: IPV6 - Invalid Fragment Header Dec 17 00:27:20 slem kernel: IPFW2: IPV6 - Invalid Fragment Header Dec 18 07:53:10 slem kernel: IPFW2: IPV6 - Invalid Fragment Header Dec 18 23:21:37 slem kernel: IPFW2: IPV6 - Invalid Fragment Header Dec 19 03:07:43 slem kernel: IPFW2: IPV6 - Invalid Fragment Header Dec 19 05:09:45 slem kernel: IPFW2: IPV6 - Invalid Fragment Header Dec 19 21:47:46 slem kernel: IPFW2: IPV6 - Invalid Fragment Header Dec 20 08:10:59 slem kernel: IPFW2: IPV6 - Invalid Fragment Header Dec 20 08:59:21 slem kernel: IPFW2: IPV6 - Invalid Fragment Header Dec 20 11:25:59 slem kernel: IPFW2: IPV6 - Invalid Fragment Header This is because these name servers haven't (yet) been upgraded to a FreeBSD version where bug report kern/145733 haven't been fixed. It *is* fixed in newer FreeBSD versions, e.g. 8.2-STABLE. Steinar Haug, Nethelp consulting, [email protected] -------------------------------------------------------------------- IETF IPv6 working group mailing list [email protected] Administrative Requests: https://www.ietf.org/mailman/listinfo/ipv6 --------------------------------------------------------------------
